Category Archives: Badware News

Botnets have been known to malware researchers for a long time, but botnets as sophisticated as Torii Botnet are not uncovered every day. Avast researchers say that it differs considerably from the ordinary botnets they have analyzed during their careers. First, they point out that Torii Botnet is much more sophisticated than older malware placed in the botnet category. Second, it uses advanced techniques to infect devices. Third, researchers suspect that this malicious application might be used to execute arbitrary commands on affected devices. ...

Although Poison Ivy has been around for quite some time now, it keeps adapting, using new attack methods and security backdoors to spread and take over vulnerable operating systems. Last year, we saw that the attackers behind this threat were using the health.pro.demo30@gmail.com and wisers.data@gmail.com email addresses to expose regular users to a malicious script. Without a doubt, these email addresses have since been disabled, but the same method could still be used, which is why it is extremely important to be cautious about spam emails employed in phishing attacks. ...

Do you know what a cyber espionage tool is? It is a piece of malware that enables cyber criminals to access targeted operating systems and spy on them without the owner’s knowledge. Vermin RAT (remote access tool) is one of these tools, and it was found to be targeted at Ukrainian government agencies, along with Quasar and Sobaken, two other infections that appear to be variants of the same malware. All three of these threats are distributed and used in the same ways, and they are equally malicious and dangerous to the security of secret government information. ...

Researchers at 411-spyware.com have not found a malicious application named Zippyshare, but they have found a dubious website with this name – Zippyshare.net. At first glance, it seems to be an ordinary file-sharing website, but if you look at it more closely, you will see that it contains a number of fake buttons and annoying pop-ups. That is not the only drawback of Zippyshare. Specialists say that it might also be responsible for redirections to unreliable third-party websites. You should avoid visiting this website if you can. We cannot recommend downloading applications from this website either. ...

Lately, Facebook has been accused of a serious data breach, which appears to have close ties with Cambridge Analytica. Paul Grewal, VP & Deputy General Counsel at Facebook, issued a statement on 16 March regarding accusations that the social network had been directly involved in a massive data breach, which allegedly occurred in late 2015. As reported, Dr. Aleksandr Kogan, a professor at the University of Cambridge, leaked users' data to third parties, including Cambridge Analytica and Eunoia Technologies, Inc. An act of this nature directly violates the platform's Privacy Policy. ...

Even though Bitcoin seems to be at its peak, other currencies are gaining in popularity. In early January 2018, researchers found a new strain of malware named RubyMiner targeting Linux and Windows servers that run outdated software, in order to use their computational resources for mining Monero coins. RubyMiner was found to plant the XMRig miner, and the attempt to infect networks worldwide was carried out within 24 hours, affecting 30 percent of global networks. The top countries targeted by the RubyMiner malware include the United States, the United Kingdom, Germany, Norway, and Sweden. ...

Have you received a notification about UpgradeSys? This is an app that can be found pre-installed on some Android devices and that is classified as a potentially unwanted application (PUA). This app does NOT come pre-installed on all Android devices. In fact, until recently, it was believed to be installed only on devices sold online by low-reputation vendors. Some recent reports show, however, that legitimate vendors might be selling devices with this app as well. How did this happen? That is something we still need to figure out, but it was found that the company that created this app is also responsible for Adups, a much more vicious and intrusive app that came pre-installed on Android devices back in 2016. ...

CCleaner is the world’s most popular PC cleaner, so it is not surprising that it was targeted by hackers who somehow infiltrated the development process of CCleaner version 5.33 and placed a backdoor in it. For the purposes of this article, the corrupted CCleaner will henceforth be called Cyber Villains Corrupted Ccleaner 5.33 Version. Cybersecurity experts were quick to notice the corrupt version, and the developer Piriform has since fixed the issue with the release of version 5.33.6163. If you have version 5.33.6162, you should remove it and install an updated version, because automatic updates are enabled only on the Professional and Professional Plus versions, while the Free version is not updated automatically. ...

There is a new infection that goes by the name Ev Ransomware, and it is not a regular file-encrypting infection that demands a ransom in return for a decryptor. While it does encrypt files and then demands a ransom, it does not target operating systems. Instead, it goes after WordPress websites. When researchers analyzed this infection, it was still unable to carry out complete attacks, although it was attempting them, which is why this infection remains mysterious. Despite the lack of information, it is obvious that this infection encrypts files to bring WP websites down and hold them hostage until money is paid. ...

Hundreds of extensions for Google Chrome are developed every day, but what concerns us the most are the so-called Developer Mode Extensions. These are browser extensions running in Developer Mode. If you have intentionally enabled this mode for testing purposes, there is no need to worry. On the other hand, closely inspect the list of extensions if the alert “Disable developer mode extensions” appears in the top-right corner of your browser when you launch it. This is because it might indicate that certain Developer Mode Extensions have been enabled in your web browser without your knowledge. ...